Malicious software, more commonly known as malware, is any program or file that is harmful to a computer user. Malware includes computer viruses, worms, Trojan horses and spyware. These malicious programs are able to perform a variety of functions, including stealing, encrypting or deleting sensitive data, altering or hijacking core computing functions and monitoring users’ computer activity without their permission.

How malware works

Malicious programs can be delivered physically to a system through a USB drive or by other means. Malware can often spread via the internet through drive-by downloads, which automatically download malicious programs to users’ systems without their approval or knowledge.

Phishing attacks are another common type of malware delivery; emails disguised as legitimate messages contain malicious links or attachments that can deliver the malware executable to unsuspecting users.

Sophisticated malware attacks often feature the use of a command-and-control server that allows threat actors to communicate with the infected systems, exfiltrate sensitive data and even remotely control the compromised device or server.

Emerging strains of malware often include new evasion and obfuscation techniques that are designed to fool not only users but also security administrators and antimalware products.

More sophisticated threats include polymorphic malware, which can repeatedly change its underlying code to avoid detection by signature-based tools; anti-sandbox techniques, which allow the malware to detect when it’s being analyzed and delay execution until after it leaves the sandbox; and fileless malware, which resides only in the system’s RAM in order to avoid being discovered.
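Why changed code defeats an exact signature, shown from the detection side as an added example (not part of the original article): a whole-file SHA-256 signature stops matching after any byte changes, while a byte n-gram similarity score still links the variant to the known file. The sample bytes are constructed and harmless, and the function names and the 0.5 threshold are assumptions made for this illustration.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    """Exact-match signature: the SHA-256 digest of the whole file."""
    return hashlib.sha256(data).hexdigest()

def ngrams(data: bytes, n: int = 4) -> set:
    """Set of every n-byte window in the data."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def similarity(a: bytes, b: bytes, n: int = 4) -> float:
    """Jaccard similarity of the n-gram sets: 0.0 (disjoint) to 1.0 (identical)."""
    ga, gb = ngrams(a, n), ngrams(b, n)
    if not ga or not gb:
        return 0.0
    return len(ga & gb) / len(ga | gb)

def classify(sample: bytes, known_samples: list, threshold: float = 0.5) -> str:
    """Check the exact-hash signature first, then fall back to similarity.

    The threshold is an illustrative assumption, not a tuned value.
    """
    known_hashes = {sha256_hex(k) for k in known_samples}
    if sha256_hex(sample) in known_hashes:
        return "exact-hash match"
    best = max((similarity(sample, k) for k in known_samples), default=0.0)
    return "similar to known sample" if best >= threshold else "no match"

# Constructed, harmless byte strings standing in for files (not real samples).
KNOWN = bytes(range(256))
_changed = bytearray(KNOWN)
for offset in (10, 120, 200):   # three single-byte changes to the known file
    _changed[offset] ^= 0xFF
VARIANT = bytes(_changed)
UNRELATED = bytes(reversed(range(256)))

if __name__ == "__main__":
    for name, blob in (("known", KNOWN), ("variant", VARIANT),
                       ("unrelated", UNRELATED)):
        print(name, sha256_hex(blob)[:12], classify(blob, [KNOWN]))
```

The more of the file that changes, the lower the similarity score falls, so content similarity narrows the gap left by exact signatures without closing it.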

Types of malware

  • A virus is the most common type of malware, and it’s defined as a malicious program that can execute itself and spread by infecting other programs or files.
  • A worm is a type of malware that can self-replicate without a host program; worms typically spread without any human interaction or directives from the malware authors.
  • A Trojan horse is a malicious program that is designed to appear as a legitimate program; once activated following installation, Trojans can execute their malicious functions.
  • Spyware is a kind of malware that is designed to collect information and data on users and observe their activity without users’ knowledge.

Other types of malware include functions or features designed for a specific purpose.

  • Ransomware, for example, is designed to infect a user’s system and encrypt the data.
  • A rootkit is a type of malware designed to obtain administrator-level access to the victim’s system. Once installed, the program gives threat actors root or privileged access to the system.
  • A backdoor virus or remote access Trojan (RAT) is a malicious program that secretly creates a backdoor into an infected system, allowing threat actors to remotely access it without alerting the user or the system’s security programs.

Similar programs

There are other types of programs that share common traits with malware but are distinctly different. Adware, for example, can have adverse effects on users, annoying them with unwanted ads and degrading the performance of the device or system. Adware, however, is generally not considered the same as malware, since there isn’t a malicious intent to harm users or their systems. There are cases, however, where adware can contain harmful threats; web ads can be hijacked by threat actors and turned into malvertising threats. Similarly, some adware can contain spyware-like features that collect information, such as browsing histories and personal information, without users’ knowledge or consent.

A PUP, or potentially unwanted program, is another example of a program similar to malware. These are typically applications that trick users into installing them on their systems, such as browser toolbars, but don’t execute any malicious functions once they have been installed. However, there are cases where a PUP may contain spyware-like functionality or other hidden malicious features, in which case the PUP would be classified as malware.